Sunday, July 23, 2006

July 23,2006

Software firm loses computer loaded with personal details of about 500K in NY

By JOHN RILEY Newsday Staff Writer July 21, 2006, 8:52 PM EDT

More than a half-million New Yorkers who have made claims to a special workers' compensation fund have been notified that a Chicago-based claims-management software firm has lost track of a personal computer containing their private data, including Social Security numbers.

The company, CS Stars, a subsidiary of insurance giant Marsh Inc., lost track of the computer while installing claims-management software for the Special Funds Conservation Committee, a private insurer-and-employer group that handles two particular types of workers' comp claims under New York State law.

The company has called in the FBI to investigate the May 9 disappearance of the computer, and in a letter dated July 18 promised New Yorkers whose data were lost that it would provide free credit monitoring for the next year to nip any possible identity theft in the bud, and $25,000 in identity-theft insurance.

... The Special Funds Conservation Committee handles workers' compensation coverage in New York for about 56,500 disabled workers who suffer a second injury, and about 36,000 old claims that are reopened. In existence since 1938, it maintains records on about 540,000 old and current claimants, said chief executive Steven Licht.

... Licht also said there were copies of all the data, and claims payments had not been interrupted.

Someone should check what these people say before they talk to the press.

Maricopa Community Colleges is taking a second look at a contract with a national loan company to provide student tuition services after the company lost information on 188,000 customers.

The district's governing board is slated to approve a contract with NelNet at its Tuesday meeting without discussion.

... College district officials heard about the security breach Thursday, said Debra Thompson, district vice chancellor for business services.

They were wanting to see how much responsibility NelNet bore in the loss of the data, which United Parcel Service shipped from Aurora, Colo., near Denver. Most, if not all, of the customers whose information has been lost are from Colorado, said Cheryl Watson, chief communications officer for NelNet.

The data, stored on magnetic tape in a single box, were reported lost Monday and had not been recovered by Friday afternoon, Watson said. Customers were notified as a courtesy, she said, because the company was "not technically required to notify them."

"In all likelihood, the tape was probably destroyed in the UPS facility," [What a great ad for UPS! Bob] Watson said Friday. "We're just doing what is in the best interest of the students."

... The way NelNet was transporting the sensitive information was "relatively historic and archaic," said Darrel Huish, associate vice chancellor of information technology with Maricopa Community Colleges.

... NelNet representatives have said this was a "routine shipment" and stressed that the magnetic tape on which the data are stored is secure because it requires sophisticated equipment to be read and used. [A tape drive... Bob]

... "Identity theft is a $55 billion-a-year industry," Davis said Friday. "They (criminals) have all the technology they need to read magnetic tape. They have all the resources they need."

This is creating a lot of buzz, but no one seems to know what's happening.

Posted by ScuttleMonkey on Saturday July 22, @07:45PM from the smash-and-grab dept. Security

An anonymous reader writes "FBI agents today arrested Steven Rambam, the owner of a company that bills itself as the largest privately held online investigative service in the United States, according to Washingtonpost.com's Security Fix blog. From the story: 'Rambam was arrested this afternoon by FBI agents just moments before he was to lead a panel discussion on privacy here at the HOPE hacker conference in New York City. Rambam and three other panelists were to discuss how they dug up -- in just 4.5 hours of searching private and public databases -- more than 500 pages worth of data on HOPE attendee Rick Dakan, who agreed to be the guinea pig for the project.'"

Posted by ScuttleMonkey on Saturday July 22, @09:34PM from the anti-electronic-shoulder-surfing dept. Security Software

un1xl0ser writes to tell us Hacktivismo has released a new chat program known as ScatterChat. It is a friendly fork of GAIM that "provides end-to-end encryption, integrated onion-routing with Tor, secure file transfers, and easy-to-read documentation." This announcement was made at HOPE, where CDs were distributed. A torrent and several screenshots are also available."

SAN FRANCISCO, July 21 (Reuters) - An independent report filed on Friday in an Arkansas court sided with Google over disgruntled advertisers who had sued the search engine giant accusing it of trying to drive up fees through so-called click fraud.

The two sides agreed to commission the report as part of a settlement deal for the lawsuit, filed by advertising customer Lane's Gifts in a state court in Miller County, Arkansas.

Pay-per-click advertising, where advertisers only pay when people click on ads, is seen by critics as the Achilles' heel of Web search leader Google, which last quarter saw revenues grow 77 percent to $2.46 billion, virtually all from such ads.

The suit alleged Web advertisers allowed their pay-per-click ad systems to be abused in order to drive up fees paid by customers. It argued that companies such as Google have not taken reasonable steps to regulate the practice.

"Based on my evaluation, I conclude that Google's efforts to combat click fraud are reasonable," Alexander Tuzhilin, a professor of information systems at New York University, said in the report. Lane's Gifts commissioned Tuzhilin's report.

... A hearing is scheduled for Monday to hear objections raised to the proposed agreement, in which Google has agreed to pay up to $90 million to settle charges of overbilling customers.

Tuzhilin, a Web marketing expert, said after talking to Google's fraud prevention team, he could say "with a moderate degree of certainty" that click fraud is "under control."

Critics argue that up to 30 percent of pay-per-click advertising actions may be fraudulent, a figure Google and rival Yahoo Inc. describe as wildly exaggerated.

Links

About Me

I live in Centennial Colorado. (I'm not actually 100 years old., but I hope to be some day.) I'm an independant computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.